.Hi, i'm analyzing a malware that call CreateProcess (CREATE_SUSPENDED) function to create a new iexplore.exe process, use VirtualAllocEx, WriteProcess Memory and CreateRemoteThread to inject its code in it. I'm trying to attach the suspended process to windbg before CreateRemoteThread is call but i have problems. WinDBG say me that the process is invalid, or something like this.Is there someone can help me ? Thank you
![[+] expand](/imagery/files/soysauce_blueprint.gif){kind=link}